LDAP defines directory operations for adding or deleting an entry, modifying an existing entry, and changing the name of an entry. However, LDAP is used primarily to search for information in the directory. The LDAP search operation allows a section of the directory to be searched for entries that match criteria specified by a search filter. From a programming perspective, LDAP is just another client/server data management system. For example, the following code would extract employee data from an LDAP directory:

    <!--- Query the directory --->
    <cfldap action="QUERY"
            name="emp"
            attributes="cn,o,l,c,mail,telephonenumber"
            start="o=forta, c=US"
            sort="cn ASC"
            server="ldap.forta.com">

    <!--- Display employees --->
    <cfoutput>
    There were #emp.RecordCount# employees found.
    </cfoutput>
    <table>
      <tr>
        <th>Name</th>
        <th>Organization</th>
        <th>Location</th>
        <th>EMail</th>
        <th>Phone</th>
      </tr>
      <cfoutput query="emp">
      <tr>
        <td>#cn#</td>
        <td>#o#</td>
        <td>#l#, #c#</td>
        <td><a href="mailto:#mail#">#mail#</a></td>
        <td>#telephonenumber#</td>
      </tr>
      </cfoutput>
    </table>

The ATTRIBUTES parameter dictates which entities (or, in a database sense, which columns) the search returns. START nominates the branch in the directory hierarchy at which the search should start. We are sorting by common name in ascending order. Matching information is returned as a query object specified by the NAME attribute. See Table 42.1 for more <cfldap> attributes.
Displaying query objects with <cfoutput> is discussed in Chapter 7, "Using Databases."

LDAP offers a collection of filter operators. These can be used to apply Boolean and wildcard searches on the directory entries. For example, restricting a search to an organization name of Forta and a country of US could be done using the following line:

    filter=(&(o=Forta)(c=US))

<cfldap> provides actions for updating LDAP directories. Typically a username and password with appropriate permissions are required to perform additions or modifications to the directory. For modifications or deletions, you will need to know the distinguished name, which acts like a database primary key. Lastly, the attributes parameter is used to specify a list of LDAP attributes to be updated or added to the hierarchy:

    <cfldap action="add"
            dn="cn=Ben Forta, ou=Development, o=forta.com"
            attributes="objectclass=top, person, organizationalPerson; mail=ben@forta.com; telephonenumber=555-5555; ou=Development"
            modifytype="REPLACE"
            server="ldap.forta.com"
            username="cn=admin, ou=IT, o=forta.com"
            password="tralala">

In this example, a DN for an administrator, admin, is used as the username; the particular record being updated is specified in the DN attribute; and the attributes list the values for updating an entry for Ben Forta.

Note: If a single attribute value contains a comma, you must escape it by adding an extra comma.
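
The filter syntax and the comma-escaping note above both matter most when values come from form input rather than literals. The following is an added example, not code from the original text: the function names ldapEscapeFilterValue and cfldapEscapeAttrValue and the sample values are assumptions. It escapes filter metacharacters as RFC 4515 requires and doubles commas for <cfldap> attribute values.

```cfml
<cfscript>
// Added example: both helper names are hypothetical, not built-in CFML functions.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// The backslash is replaced first so the escapes added afterwards
// are not themselves escaped a second time.
function ldapEscapeFilterValue(required string value) {
    var out = replace(arguments.value, "\", "\5c", "all");
    out = replace(out, "*", "\2a", "all");
    out = replace(out, "(", "\28", "all");
    out = replace(out, ")", "\29", "all");
    out = replace(out, chr(0), "\00", "all");
    return out;
}

// Double embedded commas, as the note on <cfldap> attribute values requires.
function cfldapEscapeAttrValue(required string value) {
    return replace(arguments.value, ",", ",,", "all");
}

// Constructed sample input standing in for form fields.
orgInput  = "Forta (US) *Labs*";
cityInput = "Oak Park, MI";

// Only the escaped value is placed between the fixed filter operators.
safeFilter = "(&(o=" & ldapEscapeFilterValue(orgInput) & ")(c=US))";
// -> (&(o=Forta \28US\29 \2aLabs\2a)(c=US))

safeAttrs = "l=" & cfldapEscapeAttrValue(cityInput);
// -> l=Oak Park,, MI
</cfscript>

<!--- The escaped filter would then be passed to the tag as:
      <cfldap action="QUERY" name="emp" attributes="cn,mail"
              start="o=forta, c=US" filter="#safeFilter#"
              server="ldap.forta.com"> --->

<cfoutput>
Filter: #encodeForHTML(safeFilter)#<br>
Attributes: #encodeForHTML(safeAttrs)#
</cfoutput>
```

Without the escaping, the parentheses and asterisks in the organization name would be read as filter operators and wildcards instead of literal characters.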